[27007] in CVS-changelog-for-Kerberos-V5
krb5 commit: Do not retrieve zero-length creds
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Tue Sep 11 14:15:35 2012
Date: Tue, 11 Sep 2012 14:15:31 -0400
From: Benjamin Kaduk <kaduk@mit.edu>
Message-Id: <201209111815.q8BIFV7r002130@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/cd58adf4b0f52d0293ec8bf9d7d3e87bd1e6ce3f
commit cd58adf4b0f52d0293ec8bf9d7d3e87bd1e6ce3f
Author: Ben Kaduk <kaduk@mit.edu>
Date: Fri Aug 31 17:48:14 2012 -0400
Do not retrieve zero-length creds
In the MSLSA cache, if we get back a zero-length ticket, don't
accept it as success; continue on to try and get an acceptable
ticket.
ticket: 7349 (new)
subject: SapGUI sometimes crashes on new session with MSLSA cache
target_version: 1.10.4
tags: pullup
src/lib/krb5/ccache/cc_mslsa.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index 39d78e7..d692b42 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -2489,7 +2489,8 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
/* first try to find out if we have an existing ticket which meets the requirements */
kret = krb5_cc_retrieve_cred_default (context, id, whichfields, mcreds, creds);
- if ( !kret )
+ /* This sometimes returns a zero-length ticket; work around it. */
+ if ( !kret && creds->ticket.length > 0 )
return KRB5_OK;
/* if not, we must try to get a ticket without specifying any flags or etypes */
@@ -2506,7 +2507,8 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
/* try again to find out if we have an existing ticket which meets the requirements */
kret = krb5_cc_retrieve_cred_default (context, id, whichfields, mcreds, creds);
- if ( !kret )
+ /* This sometimes returns a zero-length ticket; work around it. */
+ if ( !kret && creds->ticket.length > 0 )
goto cleanup;
/* if not, obtain a ticket using the request flags and enctype even though it may not
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
